PAIQ RAAS, S.L. ("pAIq", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our platform at paiq.io.
Company details:
PAIQ RAAS, S.L.
NIF: B27677392
Málaga, Spain
hello@paiq.io
1. Who This Policy Applies To
This policy applies to:
- Account holders — Instagram creators and businesses who register for pAIq
- Website visitors — anyone who accesses paiq.io
- Message senders — individuals who send DMs to an Instagram account managed by pAIq (see Section 6 for the specific legal basis applied to senders)
2. What Data We Collect
We collect the following types of personal data:
Account information
- Name and email address (when you register)
- Billing information (processed by Stripe — we do not store card details)
- Instagram account identifiers (username, account ID)
Instagram message data
- DM content that you authorise pAIq to process on your behalf
- Sender information from incoming messages (as permitted by Instagram's API and Meta's platform policies)
Usage data
- How you interact with the pAIq dashboard
- Feature usage and settings preferences
- Log data (IP address, browser type, access times)
3. How We Use Your Data
We use your data to:
- Provide and operate the pAIq service
- Process and generate AI-powered responses to your Instagram DMs
- Personalise your AI agent to match your communication style
- Send you account-related emails (billing, security, updates)
- Improve our platform and fix issues
- Comply with legal obligations
We do not sell your data to third parties. We do not use your data or your followers' data for advertising. Customer data is never used to train any third-party AI model (see Section 7).
4. Automated Decision-Making and AI Processing
pAIq uses artificial intelligence to draft and send replies to Instagram DMs on your behalf. You should know:
- AI-generated replies are produced based on the configuration and Skills you set up in your pAIq account
- You retain full control: you can review, pause, override, or disable automated replies at any time via the dashboard
- We do not make solely automated decisions producing legal or similarly significant effects on data subjects within the meaning of Article 22 GDPR
- Escalation logic ensures that sensitive interactions (complaints, refund requests, legal threats) are routed to you or a human operator rather than auto-handled
If you have questions about how a specific reply was generated, contact hello@paiq.io.
5. Legal Basis for Processing (GDPR Article 6)
We process your data under the following legal bases:
- Operating the pAIq service for account holders: Contractual necessity — Art. 6(1)(b)
- Processing incoming DMs from senders: Legitimate interest — Art. 6(1)(f), to enable the account holder to reply on their own behalf
- Service improvement, security, fraud prevention: Legitimate interest — Art. 6(1)(f)
- Marketing emails: Consent — Art. 6(1)(a)
- Billing records, tax compliance: Legal obligation — Art. 6(1)(c)
6. Processing of Message Senders' Data
When a third party sends a DM to an Instagram account managed by pAIq, we process their message content and Instagram identifiers to enable a reply. We rely on legitimate interest (Art. 6(1)(f) GDPR): the sender has voluntarily contacted the account, the account holder has a reasonable interest in replying, and the processing is limited to what is strictly necessary for that reply.
Senders may exercise the rights listed in Section 9 by contacting hello@paiq.io.
7. Data Storage, Security, and AI Subprocessors
All customer data is stored on servers located within the European Union (Hetzner, Germany).
We protect your data using:
- AES-256 encryption at rest
- TLS encryption in transit
- Row-level security and tenant isolation in our database
- Access controls limiting who within pAIq can access data
- Regular security reviews
AI processing: DM content is sent to large language model providers (currently Anthropic) via API for the sole purpose of generating replies. Customer data is not used to train any AI model. Anthropic retains API request data only as needed for abuse monitoring under their commercial terms, and we do not store customer data within Anthropic's infrastructure beyond the duration of the API call.
Instagram message data is processed in real time and is not retained longer than necessary to provide the service.
8. Data Sharing and Subprocessors
We share data only with vetted third-party providers necessary to operate the service. A live subprocessor list is published at paiq.io/subprocessors.
Categories include:
- Payment processing — Stripe (Ireland/US)
- Instagram API — Meta Platforms (Ireland/US)
- AI inference — Anthropic (US), via API in zero-retention mode
- Cloud infrastructure — Hetzner (Germany)
- Email and operational tooling — listed in full at paiq.io/subprocessors
International transfers (Chapter V GDPR): Where data is transferred to processors outside the European Economic Area (e.g. US-based AI and payment providers), we rely on the European Commission's Standard Contractual Clauses (SCCs, Module 2 — Controller to Processor) as the transfer mechanism, supplemented where appropriate by additional technical measures.
We do not share your data with advertisers, data brokers, or any third party for marketing purposes.
9. Your Rights Under GDPR
As a data subject, you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — ask us to correct inaccurate data
- Erasure — request deletion of your data ("right to be forgotten")
- Portability — receive your data in a structured, machine-readable format
- Restriction — ask us to limit how we process your data
- Objection — object to certain types of processing
- Withdraw consent — at any time, where consent was the legal basis
- Not be subject to solely automated decisions with legal or similarly significant effects (Art. 22)
To exercise any of these rights, contact us at: hello@paiq.io
We will respond within 30 days.
Right to lodge a complaint: You also have the right to lodge a complaint with the Spanish supervisory authority, the Agencia Española de Protección de Datos (AEPD) — www.aepd.es — or with your local EU data protection authority.
10. Data Retention
We retain your data for as long as your account is active. Upon account deletion:
- Account and billing data is deleted within 30 days (subject to legal retention obligations such as Spanish tax law, which requires invoice retention for up to 6 years)
- DM content is deleted immediately upon request
- Anonymised, non-identifiable usage statistics may be retained for service improvement
11. Children
pAIq is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a minor, contact hello@paiq.io and we will delete it.
12. Cookies
pAIq uses cookies and similar technologies to maintain your session, remember your preferences, and understand how the platform is used. Categories:
- Strictly necessary — required for login, security, and core functionality (no consent required)
- Analytics — help us understand usage patterns (consent required)
- Functional — remember preferences (consent required)
We do not use advertising cookies. You can manage your preferences via our cookie banner or your browser settings. Disabling strictly necessary cookies may affect platform functionality.
13. Data Protection Officer
PAIQ RAAS, S.L. has assessed its obligations under Article 37 GDPR. Privacy and data protection questions can be addressed to hello@paiq.io, where they will be handled by the founders directly. We will appoint a formal Data Protection Officer if and when our processing activities meet the Article 37 thresholds.
14. Data Breach Notification
In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the AEPD within 72 hours of becoming aware of it, and notify affected users without undue delay where the risk is high (Articles 33 and 34 GDPR).
15. Changes to This Policy
We may update this policy from time to time. We'll notify registered users by email of material changes and update the "last updated" date above. Continued use of pAIq after changes constitutes acceptance.
16. Contact
For any privacy-related questions or to exercise your rights:
hello@paiq.io
PAIQ RAAS, S.L. — NIF B27677392 — Málaga, Spain